<%@ page language="java" contentType="text/html; charset=UTF-8"
         pageEncoding="UTF-8" %>
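<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>登陆成功</title>
    <%-- jQuery 1.8.0 is long out of support and is loaded from a third-party CDN without
         Subresource Integrity. Pin a current release and add
         integrity="sha384-<HASH-PLACEHOLDER>" crossorigin="anonymous" so a tampered
         script cannot be injected into this page. --%>
    <script src="https://cdn.bootcss.com/jquery/1.8.0/jquery-1.8.0.min.js"></script>
</head>
<body>
<h2>登陆成功</h2>
<%-- Both sinks below (#h3 and #xxx) are written by the handlers in the inline script;
     #h3 is the element where injected markup is actually parsed. --%>
<div id="h3"></div>
<label for="xxx">username</label>
<textarea rows="10" cols="20" id="xxx"></textarea>

<button type="button" id="testc">注入js</button>


<button type="button" id="testc2">干掉注入</button>
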
<script type="text/javascript">
    $("#testc").click(function () {
        // Deliberately vulnerable path (the "注入js" button): the server's reply is
        // run through unescape() and written with .html(), so any markup contained
        // in data.username is parsed as HTML instead of being shown as text.
        var payload = {"param": "<script>alert('<h3>注入成功!</h3>');<\/script>"};
        $.post("user/gethh", payload, function (data) {
            var rendered = unescape(data.username);
            $("#xxx").html(rendered);
            $("#h3").html(rendered);
        });
    });

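    // Escape the five HTML-significant characters so the reply is displayed as
    // text rather than parsed as markup.
    //
    // Why a helper: the previous chain replace("<", "<").replace(">", ">")...
    // had identical search and replacement strings (a no-op), and a string
    // pattern in String.prototype.replace matches only the first occurrence,
    // so a second "<script>" in the value would still have been rendered.
    // '&' is escaped first so the entities produced afterwards are not
    // re-escaped. A text sink such as $(el).text(value) would remove the need
    // for manual escaping entirely.
    //
    // value: anything; null/undefined yield "" instead of throwing.
    // returns: the escaped string.
    function escapeHtml(value) {
        return String(value == null ? "" : value)
            .replace(/&/g, "&amp;")
            .replace(/</g, "&lt;")
            .replace(/>/g, "&gt;")
            .replace(/"/g, "&quot;")
            .replace(/'/g, "&#39;");
    }

    // "干掉注入" button: same request as the vulnerable handler, but the reply
    // is escaped before it reaches the .html() sinks.
    $("#testc2").click(function () {
        $.post("user/gethh", {"param": "<script>alert('注入成功!');<\/script>"},
            function (data) {
                var newHtml = escapeHtml(data.username);
                $("#xxx").html(newHtml);
                $("#h3").html(newHtml);
            });
    });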
</script>
</body>
</html>